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Introduction 

Secure  Enclaves-Enabled  Technologies  is  a  digital  security  firm  to  be  launched  in  the  coming  year.  It  is 
born  from  a  unique  relationship  between  Intel  Labs  and  the  Department  of  Homeland  Security  seeking  to 
develop  a  revolutionary  solution  to  cyber  security  problems.  In  today's  increasingly-digital  world,  hackers 
and  security  companies  have  engaged  in  a  consistent  battle  of  software  development  to  secure  data. 
However,  data  at  rest  remains  extremely  vulnerable.  SE  Technologies'  software  goes  a  layer  deeper, 
activating  a  hardware  solution  to  put  a  stop  to  the  death  spiral.  Utilizing  the  silicon  of  the  computer  chip 
to  create  a  virtual  “fingerprint”,  our  hardware  solution  will  put  customers  at  ease  about  their 
organizations’  electronic  data  security.  In  fact,  an  NSA  "red  team"  of  hackers  could  not  even  begin  to 
crack  this  technology  when  given  the  chance. 

With  the  continual  evolution  of  offensive  attack  techniques,  the  need  for  more  impressive  defensive 
counter-measures  is  becoming  apparent.  As  the  requisite  to  fill  this  capability  gap  grows,  so  does  the 
opportunity  for  businesses.  Replacing  the  need  for  a  counter-measure,  recent  developments  in  micro¬ 
processer  technology  have  allowed  for  a  veritable  impenetrable  fortress  to  be  placed  inside  modern  day 
computer  systems. 

Few  digital  security  solutions  on  today’s  market  are  hardware  based,  and  none  offer  this  level  of  security. 
According  to  a  March  2013  Worldwide  Threat  Assessment,  the  number  one  global  threat  to  the  United 
States  is  cyber-attack.  Recent  attacks  have  revealed  protected  information,  shut  down  hanks  and  stock 
exchanges,  and  have  the  potential  to  disrupt  and  disable  critical  infrastructure  such  as  power  generation 
[1]. 

The  United  States  desperately  needs  a  solution  to  this  existing  and  rapidly-developing  security  threat  and 
that  solution  is  Secure  Enclaves-Enabled  Technologies. 


Technical  Analysis 

SE  Enabled  Technologies  provides  a  critical  software  complement  to  revolutionary  cyber  security 
hardware  developed  by  Intel.  Intel  has  created  a  hardware  solution  for  securing  data  that  has  no  known 
exploits.  A  hardware  solution  to  cyber  security  is  unique  in  an  industry  dominated  by  software  solutions 
which  hackers  inevitably  find  ways  to  circumnavigate.  Intel  states,  “Even  diligent  use  of  correct  software 
design  and  implementation  practices,  can  allow  secrets  to  be  exposed  through  a  single  flaw  in  any  of  the 
privileged  code  on  the  platform,  code  which  may  have  been  written  by  thousands  of  developers  from 
hundreds  of  organizations  throughout  the  world”  [2]. 
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Public  reporting  burden  for  the  collection  of  information  is  estimated  to  average  1  hour  per  response,  including  the  time  for  reviewing  instructions,  searching  existing  data  sources,  gathering  and 
maintaining  the  data  needed,  and  completing  and  reviewing  the  collection  of  information.  Send  comments  regarding  this  burden  estimate  or  any  other  aspect  of  this  collection  of  information, 
including  suggestions  for  reducing  this  burden,  to  Washington  Headquarters  Services,  Directorate  for  Information  Operations  and  Reports,  1215  Jefferson  Davis  Highway,  Suite  1204,  Arlington 
VA  22202-4302.  Respondents  should  be  aware  that  notwithstanding  any  other  provision  of  law,  no  person  shall  be  subject  to  a  penalty  for  failing  to  comply  with  a  collection  of  information  if  it 
does  not  display  a  currently  valid  OMB  control  number. 


1.  REPORT  DATE 

2014 

2.  REPORT  TYPE 

3.  DATES  COVERED 

00-00-2014  to  00-00-2014 

4.  TITLE  AND  SUBTITLE 

Secure  Enclaves-Enabled  Technologies 

5a.  CONTRACT  NUMBER 

5b.  GRANT  NUMBER 

5c.  PROGRAM  ELEMENT  NUMBER 

6.  AUTHOR(S) 

5d.  PROJECT  NUMBER 

5e.  TASK  NUMBER 

5f.  WORK  UNIT  NUMBER 

7.  PERFORMING  ORGANIZATION  NAME(S)  AND  ADDRESS(ES) 

United  States  Air  Force  Academy, Washington, DC, 20301 

8.  PERFORMING  ORGANIZATION 

REPORT  NUMBER 

9.  SPONSORING/MONITORING  AGENCY  NAME(S)  AND  ADDRESS(ES) 

10.  SPONSOR/MONITOR'S  ACRONYM(S) 

11.  SPONSOR/MONITOR'S  REPORT 
NUMBER(S) 

12.  DISTRIBUTION/AVAILABILITY  STATEMENT 

Approved  for  public  release;  distribution  unlimited 

13.  SUPPLEMENTARY  NOTES 

The  2014  National  Security  Innovation  Competition,  April  25,  2014, Colorado  Springs,  CO. 

14.  ABSTRACT 

15.  SUBJECT  TERMS 

1 

1 

16.  SECURITY  CLASSIFICATION  OF: 


a.  REPORT 

unclassified 


b.  ABSTRACT 

unclassified 


c.  THIS  PAGE 

unclassified 


17.  LIMITATION  OF 
ABSTRACT 

Same  as 
Report  (SAR) 


18.  NUMBER 
OF  PAGES 

5 


19a.  NAME  OF 
RESPONSIBLE  PERSON 


Standard  Form  298  (Rev.  8-98) 

Prescribed  by  ANSI  Std  Z39-18 


2014  National  Security  Innovation  Competition  Proceedings  Report 


To  address  this  area  of  growing  concern  Intel  developed  Software  Guard  Extensions  (SGX).  The  premise 
behind  SGX  is  the  creation  of  “enclaves”  using  a  new  set  of  CPU  instructions.  “An  enclave  is  a  protected 
area  in  the  application’s  address  space  which  provides  confidentiality  and  integrity  even  in  the  presence 
of  privileged  malware.  Attempted  accesses  to  the  enclave  memory  area  from  software  not  resident  in  the 
enclave  are  prevented  even  from  privileged  software  such  as  virtual  machine  monitors,  BIOS,  or 
operating  systems”  [3],  Typically,  malicious  software  gains  access  through  exploiting  flaws  in  code 
which  give  it  access  to  privileged  software.  Once  the  malicious  code  has  gained  access  to  that  privileged 
software,  it  has  the  necessary  access  to  exploit  all  other  applications  on  the  operating  system.  The 
capabilities  provided  by  SGX  mean  that  even  if  the  OS  or  other  highly  privileged  software  is  exploited  by 
malicious  software,  the  code  and  data  contained  in  the  enclave  will  remain  secure. 

Applications  can  be  loaded  into  and  run  inside  of  the  enclaves.  Once  the  loading  of  the  application’s  code 
and  data  is  complete,  the  enclave  is  sealed  and  all  other  external  forms  of  software  access  are  denied  [4] . 
This  ultimately  allows  for  the  “control  of  the  security  of  sensitive  code  and  data  by  creating  trusted 
domains  within  applications  to  protect  critical  information  during  execution  and  at  rest”  [5]. 

SGX  uses  access  control  mechanisms  built  into  the  processor  to  prevent  unauthorized  software  access. 
Even  when  data  leaves  the  enclave  to  be  written  to  memory,  the  data  is  kept  secure  through  automatic 
encryption  and  integrity  protection  [6].  Additionally,  multiple  enclaves  can  be  created  within  systems 
allowing  for  the  separation  of  “secrets”  from  one  another.  For  example,  medical  data  could  be  secured 
separately  from  banking  data. 

SGX  will  be  a  standard  component  of  Intel’s  chipsets  beginning  in  2015.  However,  new  software  must  be 
developed  or  current  software  must  be  adapted  in  order  to  have  the  ability  to  utilize  the  new  set  of 
instructions  provided  by  the  chipset.  Without  this  critical  software  development,  the  cyber  security 
solution  afforded  by  SGX  will  lie  dormant. 

SE  Enabled  Technologies  seeks  to  exploit  the  capabilities  of  SGX  through  the  creation  of  software 
solutions.  Currently,  we  are  seeking  to  compliment  Intel’s  hardware  solution  through  the  use  of  a  browser 
extension  application.  Using  the  browser  extension,  we  can  offer  a  wide  array  of  security  solutions  from 
secure  storage  and  transmission  of  documents  to  secure  video  streaming.  The  potential  applications  of  this 
software  are  numerous  and  lucrative.  For  example,  an  organization  such  as  the  Department  of  Veteran 
Affairs  could  us  SE  Enabled  software  to  securely  transmit  PII  of  patients,  keep  financial  data  safe,  and 
conduct  protected  communications  between  various  extensions  of  the  department.  The  combination  of  SE 
Enabled  Technologies  software  and  Intel’s  SGX  has  the  potential  to  revolutionize  the  cyber  security 
landscape  and  to  bring  relief  to  a  problem  plaguing  major  government  and  public  sector  organizations 
throughout  the  world  today. 


Implementation  Readiness  Analysis 

Cyber  security  and  the  extreme  risks  associated  with  exploitation  no  longer  dwell  in  the  realm  of  science 
fiction.  SE  Enabled  Technologies  will  focus  its  efforts  in  two  different  market  segments:  large  business 
organizations  and,  eventually,  individuals.  The  current  federal  market  for  digital  security  solutions  is  over 
$63  billion  dollars,  and  is  steadily  growing  [7].  It  is  forecast  to  continue  rapidly  expanding  into  the  next 
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decade.  The  space  is  broken  down  between  agencies  and  could  further  be  expanded  to  the  private  sector 
beyond  government  contractors. 

The  main  focus  of  Secure  Enclaves-Enabled  Technologies  is  large  business  organizations  within  the 
national  security  realm.  A  large  business  is  being  described  as  a  business  or  government  organization  with 
a  minimum  of  250  devices. 

The  market  need  for  security  software  that  protects  sensitive  information  is  obvious.  Corporations  are 
making  the  news  when  their  servers  fall  prey  to  hackers,  who  steal  millions  of  customers'  personally 
identifiable  information.  In  the  recent  breach  of  Target's  infrastructure,  over  70  million  of  its  customers 
were  affected,  each  costing  the  corporation  on  average  $125  per  person  to  remedy  the  situation.  On  the 
government  side,  organizations  are  under  the  microscope  of  Congress  for  not  taking  adequate  steps  in 
protecting  their  customers'  information.  The  list  doesn’t  stop  there  though,  organization  such  as  the 
International  Monetary  Fund  and  defense  contractors  such  as  Lockheed  Martin  have  also  been  recently 
exploited.  It  is  no  secret  that  the  United  States  expects  to  receive  millions  of  attacks  every  day,  attempting 
to  steal  vital  national  security  information  and  disrupt  federal  operations.  Whenever  data  is  sent 
electronically,  it  needs  to  be  secured,  which  SE  Enabled  Technologies'  software  can  do.  These  large 
organizations  desperately  need  a  viable  solution  in  today's  increasingly-digital  world. 

As  the  use  of  internet  devices  continues  to  grow  past  80%  of  US  citizens  (Google),  the  frequency  of 
attempted  infiltration  does  as  well.  Enemies  and  allies  alike  recognize  the  vulnerability  of  the  United 
States’  cyber  communications.  With  the  United  States’  conventional  military  forces  unmatched  against 
almost  every  military  on  the  planet,  cyber  communications  is  viewed  as  a  large  weakness.  Soon, 
organizations  and  individuals  will  desire  much  better  security  solutions  than  are  currently  offered  in  order 
to  combat  and  protect  against  the  wave  of  attacks.  SEET  promises  to  deliver  a  security  solution  that  is 
unmatched  in  the  current  marketplace.  Utilizing  Intel  Labs'  truly  revolutionary  Software  Guard  Extension 
technology,  SE  technologies  will  offer  software  solutions  to  provide  an  unmatched  level  of  digital 
security  for  both  individuals  and  large  organizations. 

Current  competitive  threats  include  existing  endpoint  security  solutions,  including  established  companies 
such  as  Symantec  and  AVG.  However,  these  companies  utilize  software-based  security  solutions  that 
have  been  proven  to  be  vulnerable  to  sophisticated  attacks.  National  security  is  an  area  that  cannot  afford 
any  loss  of  data,  so  it  requires  a  hardware-based  solution. 


Recommendations 

There  is  the  potential  to  exploit  extremely  lucrative  opportunities  utilizing  our  first-mover  advantage  in 
this  emerging  market  segment.  However,  there  is  still  significant  work  to  be  completed.  The  SE  Enabled 
browser  extension  application  is  still  in  the  early  stages  of  development  and  numerous  iterations  will  need 
to  be  completed  before  the  software  is  fine-tuned.  Therefore,  we  recommend  continued  research  and 
development  of  existing  and  emerging  technologies.  We  are  currently  negotiating  with  the  Department  of 
Veteran  Affairs  to  conduct  a  $500,000  limited  trial  run  of  SE  Enabled  Technologies  software  as  a  proof  of 
concept.  If  an  agreement  is  reached,  it  will  mark  a  huge  success  that  will  give  us  the  funds  as  well  as  the 
clout  to  commercialize  SE  Enabled  software  and  to  extend  our  services  to  other  major  organizations.  To 
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that  end,  much  of  our  efforts  will  be  directed  towards  reaching  an  agreement  and  accomplishing  a  proof 
of  concept.  We  believe  SE  Enabled  Technologies  has  tremendous  opportunity  to  make  an  impact  in  the 
cyber  security  market.  We  remain  confident  that  the  coupling  of  Intel’s  SGX  and  SE  Enabled 
Technologies  software  has  the  potential  to  transform  cyber  security  on  a  global  scale. 
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